unnamed sandbox escape (CVE-2023-32364) - a macOS sandbox escape by mounting

Posted on 2023-09-26 in blog • Tagged with macOS, ASB, sbx, 0day

This post is a writeup of CVE-2023-32364, a macOS application sandbox escape bug I found. It was supposed to be unveiled in my upcoming talk:

"Unexpected, Unreasonable, Unfixable: Filesystem Attacks on macOS" at OBTS v6,

but I needed to cut some bugs out. This is one of them.

macOS Sandboxing …

Continue reading